2

How do I grant administrator rights to a running WCF service hosted in IIS7?

The problem is, my code works fine in a test console application runned as an administrator, but the same code used from WCF service in IIS7 fails. When I run the same console test application without admin rights, code fails.

So, how do I grant admin rights to a WCF service hosted in IIS7? Do I grant admin rights to IIS7 service? Can I grant rights to a specific WCF service? How do I do 'Run as an administrator' on IIS7 or specific website?

Thanks!

(That's the question, here is a more detailed description of a situation: I am trying to capture frames from a webcam into a jpg file using Touchless library, and I can do that from a console application with admin rights. When I run that same console app without admin rights I cannot access a webcam in code. Same thing happens in a WCF service with the same code.)

EEAA
  • 109,363
  • 18
  • 175
  • 245
Allan Baker
  • 23
  • 1
  • 3

1 Answers1

3

The permissions that your WCF service is running under is most likely the application pool identity. First, be careful with granting admin rights to an app pool. I would separate this service to it's own app pool if you can to minimize the footprint of what needs admin rights.

Visit the app pool and go to advanced settings in the Actions pane. You can set your own custom admin user there.

Also, there's a chance that part of the service runs as the anonymous user's account. To change that edit the site and then authorization -> anonymous. Set it to use the app pool identity. That way everything will run under the identity set in the app pool.

Scott Forsyth
  • 16,449
  • 3
  • 37
  • 56
  • Thnks Scott. I'm sorry, but I didn't quite understand what to edit, where to set identity. I can edit sites Basic Settings and Connect as specific user (as opposed to connecting as Application user), or I can edit .NET Authorization Rules, or I can edit IIS Authentication. Which one did you mean? – Allan Baker Feb 10 '11 at 21:43
  • Hi Allan. There's another section in IIS7, up at the top level, called Application Pools. First, at your website level, click on "Basic Settings" in the Actions pane. That will tell you which App pool your site is in. Then click on Application Pools and select your site's app pool. Then click "Advanced Settings..." from the Actions pane. In there under Process Model -> Identity, you can change the identity of the app pool. Also at the site level, authentication icon, edit the Anonymous Authentication option. Set it to "Application pool identity" – Scott Forsyth Feb 11 '11 at 14:44